Looking for Indemnification While Linux Sales Double

Little doubt exists; a legal cloud hangs over Linux from infringement
claims of the SCO Group, Inc. In spite of that cloud, Linux server sales
grew 56.9 percent in the first quarter of the year. Linux sales in 2004 follows
six consecutive quarters of double-digit growth for the free operating
system during unprecedented legal attacks from SCO over the same period.

Linux success helped push all server growth to 7.3 percent according to IDC's
Worldwide Quarterly Server Tracker. The contradictions of sales
increases and legal uncertainties bring into question the degree of
concern people actually feel about SCO's legal claims. One might say, if
the defendants of the SCO suits don't see concern, why should I?

This article examines issues related to Linux use in the enterprise
while copyright infringement claims exist. CIO's and others who need
pragmatic information when deciding whether or not to deploy Linux will
find this useful. Rather than examine the legal case, we will examine
market perception and risk related to using Linux.

Market Perception

SCO believes that Linux infringes on its Intellectual Property. SCO has
sued IBM, Novell, AutoZone, and DaimlerChrysler on the basis of that
belief. IBM and Novell market Linux while AutoZone and DaimlerChrysler
use Linux in their businesses.

Realists consider Linux adoption remarkable. The word on the street and
in the foxholes of the IT community has created a swell of adoption from
small businesses to the entire Fortune 500. The marketing of Linux by
HP, IBM, Sun, Dell, Oracle, and Novell demonstrates the commitment of
industry to Linux. With all the agreement in the market, most observers
do not give SCO much of a chance of winning its cases.

The recent announcement that the U.S.
Federal Court system has
deployed Linux adds further to the
speculation that Linux deployment may be safe. People will reason that
Linux use in the courts bodes poorly for SCO.

Normal Risks Associated with Software Acquisition

Procurement policies within large organizations discuss infringement.
For example, the basic policy for software purchases at the University
of Texas states:

"We should expect that Vendors will develop their products without
infringing the intellectual property rights of others, that is, without
appropriating others' protected ideas or expression."

Large purchasers
want warranties from vendors guaranteeing their software does not
infringe. Such purchasers do not necessarily expect vendors to provide
warranties. They do expect that if the software infringes someone else's
rights, the vendor will take care of any expenses incurred if the
purchaser is sued or asked to stop using the software because of alleged
infringement. Large organizations expect protection from infringement.
They want to know that a software vendor will pay for expenses related
to infringement and they want that stated in the software license
agreement. They also realize that exceptions exist if the software is:

Beta test software

Free, steeply discounted, or very low-cost software

Software provided by nonprofit vendors

Software whose source exists in the public domain

In enterprise terms, if a vendor agrees to indemnify, it means the
vendor accepts the risk of financial loss.

The first
three situations above illustrate circumstances where a vendor may not
make enough money on the product to justify assuming risk for
indemnification. In effect the vendor says, "If you want this software,
you'll have to accept the risk that it might infringe. If you want us to
accept that risk, it will cost you a lot of money."

SCO's Unprecedented Infringement Case

Past infringement cases have focused on software
makers rather than end users. For example, Microsoft has encountered
many infringement cases from companies like Eolas, Stac, Burst,
Netscape, Sun, and InterTrust. None of the Microsoft cases have fallen
over to consumers.

SCO finds itself in different circumstances. SCO used
to sell Linux and contributed to its development. Linux is free, steeply
discounted, and/or very low-cost software. Indemnification hasn't
normally applied to Linux. SCO has no one to go after except end users
for infringement.

One can argue that SCO demonstrated to the world that
it could not drive a successful business selling software using
traditional channels. As it saw other Linux companies pulling away,
SCO decided to attempt to capitalize on others' successes by exacting a
bounty on all deployments of Linux. SCO asserted its belief that it
owned the Intellectual Property that makes up Linux. In legal terms,
lawyers will tell you that belief alone gives one grounds for filing a
lawsuit.

Many argue that SCO has faired poorly in court against rivals
Novell and IBM. After the most recent setback, SCO CEO Daryl McBride
insisted his coffers contain enough to pursue litigation for several
years. While SCO's legal battles against IBM and Novell follow a slow
pace in court, SCO plans to further litigate against end users.

Can You Expect Judicial Relief?

Linux companies won relief in two German cases to stop SCO from pursuing
end users. When SCO didn't comply with a court order to stop harassing
users, Linux companies asked the courts to fine SCO for breaching the
order against using intimidating tactics. Courts in Bremen and Munich
issued injunctions against SCO for using a strategy of intimidating
Linux users. Until SCO can prove its case, the company can't litigate against
Linux users in Germany.

"The Munich I District Court determined that SCO had not plausibly
demonstrated that the Linux kernel violates SCO's rights," said attorney
Dr. Till Jaeger of the firm of Jaschinski Biere Brexl. Because SCO
continued to publish disputed claims, the managing director, Elmar Geese
of one Linux company said, "We can't simply allow them [SCO] to confuse
GNU/Linux users, causing damage to Linux businesses."

In the United States, courts have not granted injunctive relief even
though many observers believe SCO faces ultimate embarrassment in court
against IBM and Novell. Instead of confining its claims to the people
SCO says harmed the company, SCO uses a form of legal shock against the
business community. The aim? SCO outwardly says it wants to bring in
licensing revenues. The company reports earnings and expenses from its legal
activities as a separate line of business in its SEC filings.

SCO knows most businesses flinch at the thought of litigation, and
preferring to avoid litigation, will settle of out court. SCO plans to
continue to threaten people who know very little about the state of
its information technology shops.

Litigation Risks

The pain and perils associated with lawsuits lies in the process of
litigation rather than the outcome. The old adage that few cases see the
inside of a courtroom is true. Settlement agreements nearly always start
off with the phrase "In order to buy the peace, the parties agree to the
following..." Many people weigh the costs of legal fees and lost
business opportunities against eventual outcomes and decide to just
settle.

Those who have gone through litigation one or more times realize
litigation isn't always about winning or losing. Plaintiffs may
deliberately aggravate defendants. The process starts when the first
constable shows up at your place of business to serve you papers in a
lawsuit.

If you enjoy the sinking feeling of a steep rollercoaster ride
at a theme park, you might like litigation. Multiply that many times and
allow it to linger over many years and you know what it's like to land
in a lawsuit. Each motion and service by another constable adds more
anxiety.

SCO wants to intimidate people into buying its licenses. If the company
accomplishes that, then perhaps it can show the courts that people
believe it owns the Unix intellectual property.

Indemnification Possibilities for Linux

Linux meets the criteria of being free, steeply discounted, and very low-cost
software. This accounts for the growth of Linux while under the
cloud of potential infringement. Compared to the per seat license costs
of various proprietary Unix distributions, Linux presents a strong case
for self-insuring.

SCO lawyers target large companies for infringement suits. Larger
companies have more seats, more machines, and are more likely to self
insure. If SCO could prove willful infringement then the risks increase
dramatically. Willful infringement provides for statutory damages of
$150,000 (per act of infringement). That said, seek the advice of a
lawyer, because given the facts of the case and the potential appeal
process, I think willful infringement would be a stretch. But, I'm not a
lawyer.

Novell

In the event of a copyright infringement lawsuit, Novell will take over
the litigation. Novell follows that as a customary practice. To Novell,
indemnification allows the transfer of litigation risk from its
enterprise customers to Novell's legal department or its selected law
firm. Such policies endear customers to Novell.

Novell aims its indemnification policy at enterprise customers. An
enterprise with upgrade protection and a support contract can ask for
and get indemnification. By imposing an annual spending requirement of
$50,000, Novell does not indemnify individual users or small business
customers. Novell places a cap on damages of $1.5 million or 125 percent
of the value of the customer's total Linux purchases.

Some people might believe that Novell knows something no one else knows:
secrets of the SCO case. Some may reason that if Novell offers
indemnification, it must know that SCO hasn't got a chance. That's
probably not the situation. Going into litigation, no one knows the
outcome. Anyone who thinks a lawsuit is a slam dunk lacks knowledge of
legal matters.

Litigation outcomes often carry a surprise. You may make a mistake
believing that Novell's knowledge of the issues gives it some certainty
and therefore it is offering indemnification. Don't be so sure. Novell
does have the advantage of experience in software litigation and a long
history of customer satisfaction.

HP

If you acquire Linux from HP, run it on HP hardware and have an HP
software support agreement, then you can obtain indemnification and
legal defense for claims by SCO. HP says it does not have a cap on fees
or judgment payouts. You will have to discuss this with an HP sales
representative.

The HP plan appears to require that customers use unmodified versions of
Linux that it sells to qualify. HP may not cover modifications, but may
cover the balance of the unmodified code. Again, you will have to
discuss this with your sales representative.

Red Hat

Red Hat provides what it calls Open Source Assurance (OSA) to its Enterprise
subscribers. Red Hat does not offer indemnification but rather a warranty.
If code infringes on the valid intellectual property rights of another, Red Hat
will replace that code. Red Hat's OSA is a promise to replace software
so customers may continue the use of a solution without interruption.

Red Hat also says it offers customers access to the Open Source Now Fund.
Red Hat created the fund to assist companies with legal expenses.
Red Hat covers customers with valid, registered Red Hat Enterprise Linux
subscriptions under its Intellectual Property Warranty during the term
of the subscription.

Open Source Risk Management (OSRM)

A new organization called Open Source Risk
Management promises indemnification to clients for an average annual
cost of 3 percent of the maximum desired coverage. If you want $1,000,000 million in
coverage then you would pay $30,000. The company states on its web site
that OSRM's indemnification offering and services do not constitute an
insurance product and should not be considered insurance.

You may find this offering confusing. The founder Daniel Egger explains in fairly
unclear terms that he offers you consulting services. For the fees paid
you will get a risk assessment and something the organization calls best practices
protocols.

OSRM claims to offer extensive legal and financial backing
for the use of open source software based on the Linux Kernel (versions
2.4 and 2.6). You would have to do your own due diligence to find out
exactly what that means.

Final Remarks

Depending on your status, Linux adoption may provide you significant
savings and improved IT performance. If you require risk reduction
because of the claims of infringement by the SCO Group you have some
choices. Novell provides the best overall choice for a couple of
reasons. First, Novell has a history of taking care of its clients by
accepting the burden of litigation. Ultimately, that's more important
than the financial scenarios in this case. Secondly, no one knows what
the other vendors will provide because they have never had to test their
offerings. That breeds uncertainty and creates another kind of risk we
all can live without: The risk of not knowing what will happen.

Tom Adelstein
became an author in 1985 and has published and written non-fiction books, journalistic investigative reports, novels and screen plays prolifically ever since.